If you're referring to SSO as a server side authentication function (APM to server), RSA SecurID is not one of the supported SSO mechanisms. There would be no way for APM to retrieve a SecurID pass code on the user's behalf. If, however, the user entered the pass code into a form on the APM (via logon page on the client side), it should be fairly trivial to relay these credentials to a server which is most likely collecting them in a form logon page.
If you're referring to SSO as a client side authentication function (client to APM), Access Policy Manager (APM) can definitely perform RSA SecurID in lieu of, or in combination with any other authentication methods. Here's a link to specific configuration information:
http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-aaa-auth-config-11-3-0/1.htmlunique_1217962019
One important thing to note is that most of the APM client side authentication mechanisms (AD Auth, LDAP Auth, RADIUS Auth, RSA SeruID, and others) expect the username and password values in the
session.logon.last.username and
session.logon.last.password session variables, respectively. So if you're using multiple auth mechanisms, like AD Auth and RSA SecurID, where the password fields may be different (password string vs. pass code), you must store the password or pass code in a temporary variable while processing the first auth method, and then re-populate the password variable for the second auth method.